CVE-2019-20357 – Trend Micro Security (Consumer) Arbitrary Code Execution
https://notcve.org/view.php?id=CVE-2019-20357
A Persistent Arbitrary Code Execution vulnerability exists in the Trend Micro Security 2020 (v160 and 2019 (v15) consumer familiy of products which could potentially allow an attacker the ability to create a malicious program to escalate privileges and attain persistence on a vulnerable system. Se presenta una vulnerabilidad de Ejecución de Código Arbitrario Persistente en la familia de productos de consumo Trend Micro Security 2020 (versiones v160) y 2019 (versión v15), que podría permitir potencialmente a un atacante la capacidad de crear un programa malicioso para escalar privilegios y lograr la persistencia sobre el sistema vulnerable. Trend Micro Security can potentially allow an attacker to use a malicious program to escalate privileges to SYSTEM integrity and obtain persistence on a vulnerable system. • http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-PERSISTENT-ARBITRARY-CODE-EXECUTION.txt https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124099.aspx https://seclists.org/bugtraq/2020/Jan/28 • CWE-428: Unquoted Search Path or Element •
CVE-2019-19697 – Trend Micro Security 2019 Security Bypass Protected Service Tampering
https://notcve.org/view.php?id=CVE-2019-19697
An arbitrary code execution vulnerability exists in the Trend Micro Security 2019 (v15) consumer family of products which could allow an attacker to gain elevated privileges and tamper with protected services by disabling or otherwise preventing them to start. An attacker must already have administrator privileges on the target machine in order to exploit the vulnerability. Se presenta una vulnerabilidad de ejecución de código arbitrario en la familia de productos de consumo Trend Micro Security 2019 (versión v15), que podría permitir a un atacante alcanzar privilegios elevados y alterar los servicios protegidos al deshabilitarlos o de otro modo impedir que se inicien. Un atacante ya debe poseer privilegios de administrador sobre la máquina de destino para explotar la vulnerabilidad. • http://hyp3rlinx.altervista.org/advisories/TREND-MICRO-SECURITY-CONSUMER-SECURITY-BYPASS-PROTECTED-SERVICE-TAMPERING.txt https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124090.aspx https://seclists.org/bugtraq/2020/Jan/29 •
CVE-2019-19693 – Trend Micro Maximum Security Link Resolution Information Disclosure And Denial-of-Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-19693
The Trend Micro Security 2020 consumer family of products contains a vulnerability that could allow a local attacker to disclose sensitive information or to create a denial-of-service condition on affected installations. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. La familia de productos de consumo Trend Micro Security 2020, contiene una vulnerabilidad que podría permitir a un atacante local revelar información confidencial o crear una condición de denegación de servicio sobre las instalaciones afectadas. Un atacante primero debe obtener la capacidad de ejecutar código poco privilegiado en el sistema de destino para explotar esta vulnerabilidad. This vulnerability allows local attackers to disclose sensitive information or to create a denial-of-service condition on affected installations of Trend Micro Maximum Security. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124043.aspx https://www.zerodayinitiative.com/advisories/ZDI-19-1025 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2019-19690
https://notcve.org/view.php?id=CVE-2019-19690
Trend Micro Mobile Security for Android (Consumer) versions 10.3.1 and below on Android 8.0+ has an issue in which an attacker could bypass the product's App Password Protection feature. Trend Micro Mobile Security for Android (Consumer) versiones 10.3.1 y por debajo en Android versión 8.0+ presenta un problema donde un atacante podría omitir la funcionalidad App Password Protection del producto. • https://esupport.trendmicro.com/en-us/home/pages/technical-support/1124037.aspx • CWE-521: Weak Password Requirements •
CVE-2019-18191
https://notcve.org/view.php?id=CVE-2019-18191
A privilege escalation vulnerability in the Trend Micro Deep Security as a Service Quick Setup cloud formation template could allow an authenticated entity with certain unrestricted AWS execution privileges to escalate to full privileges within the target AWS account. Una vulnerabilidad de escalada de privilegios en la plantilla de formación en la nube de Trend Micro Deep Security as a Service Quick Setup, podría permitir que una entidad autenticada con ciertos privilegios de ejecución AWS sin restricciones escala a privilegios completos dentro de la cuenta AWS de destino. • https://success.trendmicro.com/solution/000157758 • CWE-459: Incomplete Cleanup •